summaryrefslogtreecommitdiffstats
path: root/apps/user_ldap
diff options
context:
space:
mode:
authorblizzz <blizzz@owncloud.com>2013-01-31 09:24:45 -0800
committerblizzz <blizzz@owncloud.com>2013-01-31 09:24:45 -0800
commit411e8e5218e0b0d6dc7e993f283b8a457f780af9 (patch)
tree74479c7d0382a568dcee4a09ee1038df7706f4fb /apps/user_ldap
parent5417e44b2a6d03042156e002264525091f66a6ad (diff)
parentafacaf8bc2b4c0aca0130b961df2f0e12408e5bc (diff)
downloadnextcloud-server-411e8e5218e0b0d6dc7e993f283b8a457f780af9.tar.gz
nextcloud-server-411e8e5218e0b0d6dc7e993f283b8a457f780af9.zip
Merge pull request #1365 from owncloud/ldap_multiple_server
LDAP: support for multiple LDAP/AD servers
Diffstat (limited to 'apps/user_ldap')
-rw-r--r--apps/user_ldap/ajax/deleteConfiguration.php35
-rw-r--r--apps/user_ldap/ajax/getConfiguration.php31
-rw-r--r--apps/user_ldap/ajax/getNewServerConfigPrefix.php34
-rw-r--r--apps/user_ldap/ajax/setConfiguration.php33
-rw-r--r--apps/user_ldap/ajax/testConfiguration.php12
-rw-r--r--apps/user_ldap/appinfo/app.php24
-rw-r--r--apps/user_ldap/appinfo/update.php16
-rw-r--r--apps/user_ldap/appinfo/version2
-rw-r--r--apps/user_ldap/group_ldap.php10
-rw-r--r--apps/user_ldap/group_proxy.php178
-rw-r--r--apps/user_ldap/js/settings.js156
-rw-r--r--apps/user_ldap/lib/access.php46
-rw-r--r--apps/user_ldap/lib/connection.php299
-rw-r--r--apps/user_ldap/lib/helper.php105
-rw-r--r--apps/user_ldap/lib/proxy.php104
-rw-r--r--apps/user_ldap/settings.php78
-rw-r--r--apps/user_ldap/templates/settings.php56
-rw-r--r--apps/user_ldap/user_ldap.php3
-rw-r--r--apps/user_ldap/user_proxy.php159
19 files changed, 1241 insertions, 140 deletions
diff --git a/apps/user_ldap/ajax/deleteConfiguration.php b/apps/user_ldap/ajax/deleteConfiguration.php
new file mode 100644
index 00000000000..b7d633a049d
--- /dev/null
+++ b/apps/user_ldap/ajax/deleteConfiguration.php
@@ -0,0 +1,35 @@
+<?php
+
+/**
+ * ownCloud - user_ldap
+ *
+ * @author Arthur Schiwon
+ * @copyright 2013 Arthur Schiwon blizzz@owncloud.com
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public
+ * License along with this library. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+// Check user and app status
+OCP\JSON::checkAdminUser();
+OCP\JSON::checkAppEnabled('user_ldap');
+OCP\JSON::callCheck();
+
+$prefix = $_POST['ldap_serverconfig_chooser'];
+if(\OCA\user_ldap\lib\Helper::deleteServerConfiguration($prefix)){
+ OCP\JSON::success();
+} else {
+ $l=OC_L10N::get('user_ldap');
+ OCP\JSON::error(array('message' => $l->t('Failed to delete the server configuration')));
+} \ No newline at end of file
diff --git a/apps/user_ldap/ajax/getConfiguration.php b/apps/user_ldap/ajax/getConfiguration.php
new file mode 100644
index 00000000000..dfae68d2dc9
--- /dev/null
+++ b/apps/user_ldap/ajax/getConfiguration.php
@@ -0,0 +1,31 @@
+<?php
+
+/**
+ * ownCloud - user_ldap
+ *
+ * @author Arthur Schiwon
+ * @copyright 2013 Arthur Schiwon blizzz@owncloud.com
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public
+ * License along with this library. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+// Check user and app status
+OCP\JSON::checkAdminUser();
+OCP\JSON::checkAppEnabled('user_ldap');
+OCP\JSON::callCheck();
+
+$prefix = $_POST['ldap_serverconfig_chooser'];
+$connection = new \OCA\user_ldap\lib\Connection($prefix);
+OCP\JSON::success(array('configuration' => $connection->getConfiguration())); \ No newline at end of file
diff --git a/apps/user_ldap/ajax/getNewServerConfigPrefix.php b/apps/user_ldap/ajax/getNewServerConfigPrefix.php
new file mode 100644
index 00000000000..17e78f87072
--- /dev/null
+++ b/apps/user_ldap/ajax/getNewServerConfigPrefix.php
@@ -0,0 +1,34 @@
+<?php
+
+/**
+ * ownCloud - user_ldap
+ *
+ * @author Arthur Schiwon
+ * @copyright 2013 Arthur Schiwon blizzz@owncloud.com
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public
+ * License along with this library. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+// Check user and app status
+OCP\JSON::checkAdminUser();
+OCP\JSON::checkAppEnabled('user_ldap');
+OCP\JSON::callCheck();
+
+$serverConnections = \OCA\user_ldap\lib\Helper::getServerConfigurationPrefixes();
+sort($serverConnections);
+$lk = array_pop($serverConnections);
+$ln = intval(str_replace('s', '', $lk));
+$nk = 's'.str_pad($ln+1, 2, '0', STR_PAD_LEFT);
+OCP\JSON::success(array('configPrefix' => $nk)); \ No newline at end of file
diff --git a/apps/user_ldap/ajax/setConfiguration.php b/apps/user_ldap/ajax/setConfiguration.php
new file mode 100644
index 00000000000..206487c7e0a
--- /dev/null
+++ b/apps/user_ldap/ajax/setConfiguration.php
@@ -0,0 +1,33 @@
+<?php
+
+/**
+ * ownCloud - user_ldap
+ *
+ * @author Arthur Schiwon
+ * @copyright 2013 Arthur Schiwon blizzz@owncloud.com
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public
+ * License along with this library. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+// Check user and app status
+OCP\JSON::checkAdminUser();
+OCP\JSON::checkAppEnabled('user_ldap');
+OCP\JSON::callCheck();
+
+$prefix = $_POST['ldap_serverconfig_chooser'];
+$connection = new \OCA\user_ldap\lib\Connection($prefix);
+$connection->setConfiguration($_POST);
+$connection->saveConfiguration();
+OCP\JSON::success(); \ No newline at end of file
diff --git a/apps/user_ldap/ajax/testConfiguration.php b/apps/user_ldap/ajax/testConfiguration.php
index a82f7e4c17b..f8038e31469 100644
--- a/apps/user_ldap/ajax/testConfiguration.php
+++ b/apps/user_ldap/ajax/testConfiguration.php
@@ -4,7 +4,7 @@
* ownCloud - user_ldap
*
* @author Arthur Schiwon
- * @copyright 2012 Arthur Schiwon blizzz@owncloud.com
+ * @copyright 2012, 2013 Arthur Schiwon blizzz@owncloud.com
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
@@ -26,14 +26,16 @@ OCP\JSON::checkAdminUser();
OCP\JSON::checkAppEnabled('user_ldap');
OCP\JSON::callCheck();
-$connection = new \OCA\user_ldap\lib\Connection(null);
+$l=OC_L10N::get('user_ldap');
+
+$connection = new \OCA\user_ldap\lib\Connection('', null);
if($connection->setConfiguration($_POST)) {
//Configuration is okay
if($connection->bind()) {
- OCP\JSON::success(array('message' => 'The configuration is valid and the connection could be established!'));
+ OCP\JSON::success(array('message' => $l->t('The configuration is valid and the connection could be established!')));
} else {
- OCP\JSON::error(array('message' => 'The configuration is valid, but the Bind failed. Please check the server settings and credentials.'));
+ OCP\JSON::error(array('message' => $l->t('The configuration is valid, but the Bind failed. Please check the server settings and credentials.')));
}
} else {
- OCP\JSON::error(array('message' => 'The configuration is invalid. Please look in the ownCloud log for further details.'));
+ OCP\JSON::error(array('message' => $l->t('The configuration is invalid. Please look in the ownCloud log for further details.')));
}
diff --git a/apps/user_ldap/appinfo/app.php b/apps/user_ldap/appinfo/app.php
index ce3079da0ba..dec87684c9e 100644
--- a/apps/user_ldap/appinfo/app.php
+++ b/apps/user_ldap/appinfo/app.php
@@ -23,15 +23,23 @@
OCP\App::registerAdmin('user_ldap', 'settings');
-$connector = new OCA\user_ldap\lib\Connection('user_ldap');
-$userBackend = new OCA\user_ldap\USER_LDAP();
-$userBackend->setConnector($connector);
-$groupBackend = new OCA\user_ldap\GROUP_LDAP();
-$groupBackend->setConnector($connector);
+$configPrefixes = OCA\user_ldap\lib\Helper::getServerConfigurationPrefixes(true);
+if(count($configPrefixes) == 1) {
+ $connector = new OCA\user_ldap\lib\Connection($configPrefixes[0]);
+ $userBackend = new OCA\user_ldap\USER_LDAP();
+ $userBackend->setConnector($connector);
+ $groupBackend = new OCA\user_ldap\GROUP_LDAP();
+ $groupBackend->setConnector($connector);
+} else {
+ $userBackend = new OCA\user_ldap\User_Proxy($configPrefixes);
+ $groupBackend = new OCA\user_ldap\Group_Proxy($configPrefixes);
+}
-// register user backend
-OC_User::useBackend($userBackend);
-OC_Group::useBackend($groupBackend);
+if(count($configPrefixes) > 0) {
+ // register user backend
+ OC_User::useBackend($userBackend);
+ OC_Group::useBackend($groupBackend);
+}
// add settings page to navigation
$entry = array(
diff --git a/apps/user_ldap/appinfo/update.php b/apps/user_ldap/appinfo/update.php
index 9b54ba18b6c..f9681e38e68 100644
--- a/apps/user_ldap/appinfo/update.php
+++ b/apps/user_ldap/appinfo/update.php
@@ -5,7 +5,7 @@
//ATTENTION
//Upgrade from ownCloud 3 (LDAP backend 0.1) to ownCloud 4.5 (LDAP backend 0.3) is not supported!!
//You must do upgrade to ownCloud 4.0 first!
-//The upgrade stuff in the section from 0.1 to 0.2 is just to minimize the bad efffects.
+//The upgrade stuff in the section from 0.1 to 0.2 is just to minimize the bad effects.
//settings
$pw = OCP\Config::getAppValue('user_ldap', 'ldap_password');
@@ -22,12 +22,10 @@ if($state == 'unset') {
OCP\Config::setSystemValue('ldapIgnoreNamingRules', false);
}
-// ### SUPPORTED upgrade path starts here ###
-
//from version 0.2 to 0.3 (0.2.0.x dev version)
$objects = array('user', 'group');
-$connector = new \OCA\user_ldap\lib\Connection('user_ldap');
+$connector = new \OCA\user_ldap\lib\Connection();
$userBE = new \OCA\user_ldap\USER_LDAP();
$userBE->setConnector($connector);
$groupBE = new \OCA\user_ldap\GROUP_LDAP();
@@ -80,3 +78,13 @@ function escapeDN($dn) {
return $dn;
}
+
+
+// SUPPORTED UPGRADE FROM Version 0.3 (ownCloud 4.5) to 0.4 (ownCloud 5)
+
+if(!isset($connector)) {
+ $connector = new \OCA\user_ldap\lib\Connection();
+}
+//it is required, that connections do have ldap_configuration_active setting stored in the database
+$connector->getConfiguration();
+$connector->saveConfiguration(); \ No newline at end of file
diff --git a/apps/user_ldap/appinfo/version b/apps/user_ldap/appinfo/version
index b1a5f4781d1..705e30728e0 100644
--- a/apps/user_ldap/appinfo/version
+++ b/apps/user_ldap/appinfo/version
@@ -1 +1 @@
-0.3.0.1 \ No newline at end of file
+0.3.9.0 \ No newline at end of file
diff --git a/apps/user_ldap/group_ldap.php b/apps/user_ldap/group_ldap.php
index 63437310088..02ceecaea0b 100644
--- a/apps/user_ldap/group_ldap.php
+++ b/apps/user_ldap/group_ldap.php
@@ -171,7 +171,6 @@ class GROUP_LDAP extends lib\Access implements \OCP\GroupInterface {
return array();
}
- $search = empty($search) ? '*' : '*'.$search.'*';
$groupUsers = array();
$isMemberUid = (strtolower($this->connection->ldapGroupMemberAssocAttr) == 'memberuid');
foreach($members as $member) {
@@ -179,7 +178,7 @@ class GROUP_LDAP extends lib\Access implements \OCP\GroupInterface {
//we got uids, need to get their DNs to 'tranlsate' them to usernames
$filter = $this->combineFilterWithAnd(array(
\OCP\Util::mb_str_replace('%uid', $member, $this->connection>ldapLoginFilter, 'UTF-8'),
- $this->connection->ldapUserDisplayName.'='.$search
+ $this->getFilterPartForUserSearch($search)
));
$ldap_users = $this->fetchListOfUsers($filter, 'dn');
if(count($ldap_users) < 1) {
@@ -188,8 +187,8 @@ class GROUP_LDAP extends lib\Access implements \OCP\GroupInterface {
$groupUsers[] = $this->dn2username($ldap_users[0]);
} else {
//we got DNs, check if we need to filter by search or we can give back all of them
- if($search != '*') {
- if(!$this->readAttribute($member, $this->connection->ldapUserDisplayName, $this->connection->ldapUserDisplayName.'='.$search)) {
+ if(!empty($search)) {
+ if(!$this->readAttribute($member, $this->connection->ldapUserDisplayName, $this->getFilterPartForUserSearch($search))) {
continue;
}
}
@@ -230,10 +229,9 @@ class GROUP_LDAP extends lib\Access implements \OCP\GroupInterface {
if($limit <= 0) {
$limit = null;
}
- $search = empty($search) ? '*' : '*'.$search.'*';
$filter = $this->combineFilterWithAnd(array(
$this->connection->ldapGroupFilter,
- $this->connection->ldapGroupDisplayName.'='.$search
+ $this->getFilterPartForGroupSearch($search)
));
\OCP\Util::writeLog('user_ldap', 'getGroups Filter '.$filter, \OCP\Util::DEBUG);
$ldap_groups = $this->fetchListOfGroups($filter, array($this->connection->ldapGroupDisplayName, 'dn'), $limit, $offset);
diff --git a/apps/user_ldap/group_proxy.php b/apps/user_ldap/group_proxy.php
new file mode 100644
index 00000000000..5aa1aef0e0e
--- /dev/null
+++ b/apps/user_ldap/group_proxy.php
@@ -0,0 +1,178 @@
+<?php
+
+/**
+ * ownCloud
+ *
+ * @author Artuhr Schiwon
+ * @copyright 2013 Arthur Schiwon blizzz@owncloud.com
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public
+ * License along with this library. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OCA\user_ldap;
+
+class Group_Proxy extends lib\Proxy implements \OCP\GroupInterface {
+ private $backends = array();
+ private $refBackend = null;
+
+ /**
+ * @brief Constructor
+ * @param $serverConfigPrefixes array containing the config Prefixes
+ */
+ public function __construct($serverConfigPrefixes) {
+ parent::__construct();
+ foreach($serverConfigPrefixes as $configPrefix) {
+ $this->backends[$configPrefix] = new \OCA\user_ldap\GROUP_LDAP();
+ $connector = $this->getConnector($configPrefix);
+ $this->backends[$configPrefix]->setConnector($connector);
+ if(is_null($this->refBackend)) {
+ $this->refBackend = &$this->backends[$configPrefix];
+ }
+ }
+ }
+
+ /**
+ * @brief Tries the backends one after the other until a positive result is returned from the specified method
+ * @param $gid string, the gid connected to the request
+ * @param $method string, the method of the group backend that shall be called
+ * @param $parameters an array of parameters to be passed
+ * @return mixed, the result of the method or false
+ */
+ protected function walkBackends($gid, $method, $parameters) {
+ $cacheKey = $this->getGroupCacheKey($gid);
+ foreach($this->backends as $configPrefix => $backend) {
+ if($result = call_user_func_array(array($backend, $method), $parameters)) {
+ $this->writeToCache($cacheKey, $configPrefix);
+ return $result;
+ }
+ }
+ return false;
+ }
+
+ /**
+ * @brief Asks the backend connected to the server that supposely takes care of the gid from the request.
+ * @param $gid string, the gid connected to the request
+ * @param $method string, the method of the group backend that shall be called
+ * @param $parameters an array of parameters to be passed
+ * @return mixed, the result of the method or false
+ */
+ protected function callOnLastSeenOn($gid, $method, $parameters) {
+ $cacheKey = $this->getGroupCacheKey($gid);;
+ $prefix = $this->getFromCache($cacheKey);
+ //in case the uid has been found in the past, try this stored connection first
+ if(!is_null($prefix)) {
+ if(isset($this->backends[$prefix])) {
+ $result = call_user_func_array(array($this->backends[$prefix], $method), $parameters);
+ if(!$result) {
+ //not found here, reset cache to null
+ $this->writeToCache($cacheKey, null);
+ }
+ return $result;
+ }
+ }
+ return false;
+ }
+
+ /**
+ * @brief is user in group?
+ * @param $uid uid of the user
+ * @param $gid gid of the group
+ * @returns true/false
+ *
+ * Checks whether the user is member of a group or not.
+ */
+ public function inGroup($uid, $gid) {
+ return $this->handleRequest($gid, 'inGroup', array($uid, $gid));
+ }
+
+ /**
+ * @brief Get all groups a user belongs to
+ * @param $uid Name of the user
+ * @returns array with group names
+ *
+ * This function fetches all groups a user belongs to. It does not check
+ * if the user exists at all.
+ */
+ public function getUserGroups($uid) {
+ $groups = array();
+
+ foreach($this->backends as $backend) {
+ $backendGroups = $backend->getUserGroups($uid);
+ if (is_array($backendGroups)) {
+ $groups = array_merge($groups, $backendGroups);
+ }
+ }
+
+ return $groups;
+ }
+
+ /**
+ * @brief get a list of all users in a group
+ * @returns array with user ids
+ */
+ public function usersInGroup($gid, $search = '', $limit = -1, $offset = 0) {
+ $users = array();
+
+ foreach($this->backends as $backend) {
+ $backendUsers = $backend->usersInGroup($gid, $search, $limit, $offset);
+ if (is_array($backendUsers)) {
+ $users = array_merge($users, $backendUsers);
+ }
+ }
+
+ return $users;
+ }
+
+ /**
+ * @brief get a list of all groups
+ * @returns array with group names
+ *
+ * Returns a list with all groups
+ */
+ public function getGroups($search = '', $limit = -1, $offset = 0) {
+ $groups = array();
+
+ foreach($this->backends as $backend) {
+ $backendGroups = $backend->getGroups($search, $limit, $offset);
+ if (is_array($backendGroups)) {
+ $groups = array_merge($groups, $backendGroups);
+ }
+ }
+
+ return $groups;
+ }
+
+ /**
+ * check if a group exists
+ * @param string $gid
+ * @return bool
+ */
+ public function groupExists($gid) {
+ return $this->handleRequest($gid, 'groupExists', array($gid));
+ }
+
+ /**
+ * @brief Check if backend implements actions
+ * @param $actions bitwise-or'ed actions
+ * @returns boolean
+ *
+ * Returns the supported actions as int to be
+ * compared with OC_USER_BACKEND_CREATE_USER etc.
+ */
+ public function implementsActions($actions) {
+ //it's the same across all our user backends obviously
+ return $this->refBackend->implementsActions($actions);
+ }
+} \ No newline at end of file
diff --git a/apps/user_ldap/js/settings.js b/apps/user_ldap/js/settings.js
index 7063eead96a..166761bc1ff 100644
--- a/apps/user_ldap/js/settings.js
+++ b/apps/user_ldap/js/settings.js
@@ -1,6 +1,113 @@
+var LdapConfiguration = {
+ refreshConfig: function() {
+ if($('#ldap_serverconfig_chooser option').length < 2) {
+ LdapConfiguration.addConfiguration(true);
+ return;
+ }
+ $.post(
+ OC.filePath('user_ldap','ajax','getConfiguration.php'),
+ $('#ldap_serverconfig_chooser').serialize(),
+ function (result) {
+ if(result.status == 'success') {
+ $.each(result.configuration, function(configkey, configvalue) {
+ elementID = '#'+configkey;
+
+ //deal with Checkboxes
+ if($(elementID).is('input[type=checkbox]')) {
+ if(configvalue == 1) {
+ $(elementID).attr('checked', 'checked');
+ } else {
+ $(elementID).removeAttr('checked');
+ }
+ return;
+ }
+
+ //On Textareas, Multi-Line Settings come as array
+ if($(elementID).is('textarea') && $.isArray(configvalue)) {
+ configvalue = configvalue.join("\n");
+ }
+
+ // assign the value
+ $('#'+configkey).val(configvalue);
+ });
+ }
+ }
+ );
+ },
+
+ resetDefaults: function() {
+ $('#ldap').find('input[type=text], input[type=number], input[type=password], textarea, select').each(function() {
+ if($(this).attr('id') == 'ldap_serverconfig_chooser') {
+ return;
+ }
+ $(this).val($(this).attr('data-default'));
+ });
+ $('#ldap').find('input[type=checkbox]').each(function() {
+ if($(this).attr('data-default') == 1) {
+ $(this).attr('checked', 'checked');
+ } else {
+ $(this).removeAttr('checked');
+ }
+ });
+ },
+
+ deleteConfiguration: function() {
+ $.post(
+ OC.filePath('user_ldap','ajax','deleteConfiguration.php'),
+ $('#ldap_serverconfig_chooser').serialize(),
+ function (result) {
+ if(result.status == 'success') {
+ $('#ldap_serverconfig_chooser option:selected').remove();
+ $('#ldap_serverconfig_chooser option:first').select();
+ LdapConfiguration.refreshConfig();
+ } else {
+ OC.dialogs.alert(
+ result.message,
+ t('user_ldap', 'Deletion failed')
+ );
+ }
+ }
+ );
+ },
+
+ addConfiguration: function(doNotAsk) {
+ $.post(
+ OC.filePath('user_ldap','ajax','getNewServerConfigPrefix.php'),
+ function (result) {
+ if(result.status == 'success') {
+ if(doNotAsk) {
+ LdapConfiguration.resetDefaults();
+ } else {
+ OC.dialogs.confirm(
+ t('user_ldap', 'Take over settings from recent server configuration?'),
+ t('user_ldap', 'Keep settings?'),
+ function(keep) {
+ if(!keep) {
+ LdapConfiguration.resetDefaults();
+ }
+ }
+ );
+ }
+ $('#ldap_serverconfig_chooser option:selected').removeAttr('selected');
+ var html = '<option value="'+result.configPrefix+'" selected="selected">'+$('#ldap_serverconfig_chooser option').length+'. Server</option>';
+ $('#ldap_serverconfig_chooser option:last').before(html);
+ } else {
+ OC.dialogs.alert(
+ result.message,
+ t('user_ldap', 'Cannot add server configuration')
+ );
+ }
+ }
+ );
+ }
+}
+
$(document).ready(function() {
$('#ldapSettings').tabs();
+ $('#ldap_submit').button();
$('#ldap_action_test_connection').button();
+ $('#ldap_action_delete_configuration').button();
+ LdapConfiguration.refreshConfig();
$('#ldap_action_test_connection').click(function(event){
event.preventDefault();
$.post(
@@ -10,15 +117,60 @@ $(document).ready(function() {
if (result.status == 'success') {
OC.dialogs.alert(
result.message,
- 'Connection test succeeded'
+ t('user_ldap', 'Connection test succeeded')
);
} else {
OC.dialogs.alert(
result.message,
- 'Connection test failed'
+ t('user_ldap', 'Connection test failed')
);
}
}
);
});
+
+ $('#ldap_action_delete_configuration').click(function(event) {
+ event.preventDefault();
+ OC.dialogs.confirm(
+ t('user_ldap', 'Do you really want to delete the current Server Configuration?'),
+ t('user_ldap', 'Confirm Deletion'),
+ function(deleteConfiguration) {
+ if(deleteConfiguration) {
+ LdapConfiguration.deleteConfiguration();
+ }
+ }
+ );
+ });
+
+ $('#ldap_submit').click(function(event) {
+ event.preventDefault();
+ $.post(
+ OC.filePath('user_ldap','ajax','setConfiguration.php'),
+ $('#ldap').serialize(),
+ function (result) {
+ bgcolor = $('#ldap_submit').css('background');
+ if (result.status == 'success') {
+ //the dealing with colors is a but ugly, but the jQuery version in use has issues with rgba colors
+ $('#ldap_submit').css('background', '#fff');
+ $('#ldap_submit').effect('highlight', {'color':'#A8FA87'}, 5000, function() {
+ $('#ldap_submit').css('background', bgcolor);
+ });
+ } else {
+ $('#ldap_submit').css('background', '#fff');
+ $('#ldap_submit').effect('highlight', {'color':'#E97'}, 5000, function() {
+ $('#ldap_submit').css('background', bgcolor);
+ });
+ }
+ }
+ );
+ });
+
+ $('#ldap_serverconfig_chooser').change(function(event) {
+ value = $('#ldap_serverconfig_chooser option:selected:first').attr('value');
+ if(value == 'NEW') {
+ LdapConfiguration.addConfiguration(false);
+ } else {
+ LdapConfiguration.refreshConfig();
+ }
+ });
}); \ No newline at end of file
diff --git a/apps/user_ldap/lib/access.php b/apps/user_ldap/lib/access.php
index 422e43fc003..68cbe4a5e75 100644
--- a/apps/user_ldap/lib/access.php
+++ b/apps/user_ldap/lib/access.php
@@ -719,6 +719,50 @@ abstract class Access {
return $combinedFilter;
}
+ /**
+ * @brief creates a filter part for to perfrom search for users
+ * @param string $search the search term
+ * @return string the final filter part to use in LDAP searches
+ */
+ public function getFilterPartForUserSearch($search) {
+ return $this->getFilterPartForSearch($search, $this->connection->ldapAttributesForUserSearch, $this->connection->ldapUserDisplayName);
+ }
+
+ /**
+ * @brief creates a filter part for to perfrom search for groups
+ * @param string $search the search term
+ * @return string the final filter part to use in LDAP searches
+ */
+ public function getFilterPartForGroupSearch($search) {
+ return $this->getFilterPartForSearch($search, $this->connection->ldapAttributesForGroupSearch, $this->connection->ldapGroupDisplayName);
+ }
+
+ /**
+ * @brief creates a filter part for searches
+ * @param string $search the search term
+ * @param string $fallbackAttribute a fallback attribute in case the user
+ * did not define search attributes. Typically the display name attribute.
+ * @returns string the final filter part to use in LDAP searches
+ */
+ private function getFilterPartForSearch($search, $searchAttributes, $fallbackAttribute) {
+ $filter = array();
+ $search = empty($search) ? '*' : '*'.$search.'*';
+ if(!is_array($searchAttributes) || count($searchAttributes) == 0) {
+ if(empty($fallbackAttribute)) {
+ return '';
+ }
+ $filter[] = $fallbackAttribute . '=' . $search;
+ } else {
+ foreach($searchAttributes as $attribute) {
+ $filter[] = $attribute . '=' . $search;
+ }
+ }
+ if(count($filter) == 1) {
+ return '('.$filter[0].')';
+ }
+ return $this->combineFilterWithOr($filter);
+ }
+
public function areCredentialsValid($name, $password) {
$name = $this->DNasBaseParameter($name);
$testConnection = clone $this->connection;
@@ -912,7 +956,7 @@ abstract class Access {
$reOffset = ($offset - $limit) < 0 ? 0 : $offset - $limit;
//a bit recursive, $offset of 0 is the exit
\OCP\Util::writeLog('user_ldap', 'Looking for cookie L/O '.$limit.'/'.$reOffset, \OCP\Util::INFO);
- $this->search($filter, $base, $attr, $limit, $reOffset, true);
+ $this->search($filter, array($base), $attr, $limit, $reOffset, true);
$cookie = $this->getPagedResultCookie($base, $filter, $limit, $offset);
//still no cookie? obviously, the server does not like us. Let's skip paging efforts.
//TODO: remember this, probably does not change in the next request...
diff --git a/apps/user_ldap/lib/connection.php b/apps/user_ldap/lib/connection.php
index 7046cbbfc78..acc33e047c6 100644
--- a/apps/user_ldap/lib/connection.php
+++ b/apps/user_ldap/lib/connection.php
@@ -4,7 +4,7 @@
* ownCloud – LDAP Access
*
* @author Arthur Schiwon
- * @copyright 2012 Arthur Schiwon blizzz@owncloud.com
+ * @copyright 2012, 2013 Arthur Schiwon blizzz@owncloud.com
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
@@ -25,6 +25,7 @@ namespace OCA\user_ldap\lib;
class Connection {
private $ldapConnectionRes = null;
+ private $configPrefix;
private $configID;
private $configured = false;
@@ -35,6 +36,8 @@ class Connection {
protected $config = array(
'ldapHost' => null,
'ldapPort' => null,
+ 'ldapBackupHost' => null,
+ 'ldapBackupPort' => null,
'ldapBase' => null,
'ldapBaseUsers' => null,
'ldapBaseGroups' => null,
@@ -48,6 +51,7 @@ class Connection {
'ldapUserFilter' => null,
'ldapGroupFilter' => null,
'ldapGroupDisplayName' => null,
+ 'ldapGroupMemberAssocAttr' => null,
'ldapLoginFilter' => null,
'ldapQuotaAttribute' => null,
'ldapQuotaDefault' => null,
@@ -55,15 +59,24 @@ class Connection {
'ldapCacheTTL' => null,
'ldapUuidAttribute' => null,
'ldapOverrideUuidAttribute' => null,
+ 'ldapOverrideMainServer' => false,
+ 'ldapConfigurationActive' => false,
+ 'ldapAttributesForUserSearch' => null,
+ 'ldapAttributesForGroupSearch' => null,
'homeFolderNamingRule' => null,
'hasPagedResultSupport' => false,
);
- public function __construct($configID = 'user_ldap') {
+ /**
+ * @brief Constructor
+ * @param $configPrefix a string with the prefix for the configkey column (appconfig table)
+ * @param $configID a string with the value for the appid column (appconfig table) or null for on-the-fly connections
+ */
+ public function __construct($configPrefix = '', $configID = 'user_ldap') {
+ $this->configPrefix = $configPrefix;
$this->configID = $configID;
$this->cache = \OC_Cache::getGlobalCache();
$this->config['hasPagedResultSupport'] = (function_exists('ldap_control_paged_result') && function_exists('ldap_control_paged_result_response'));
- \OCP\Util::writeLog('user_ldap', 'PHP supports paged results? '.print_r($this->config['hasPagedResultSupport'], true), \OCP\Util::INFO);
}
public function __destruct() {
@@ -84,12 +97,12 @@ class Connection {
public function __set($name, $value) {
$changed = false;
- //omly few options are writable
+ //only few options are writable
if($name == 'ldapUuidAttribute') {
\OCP\Util::writeLog('user_ldap', 'Set config ldapUuidAttribute to '.$value, \OCP\Util::DEBUG);
$this->config[$name] = $value;
if(!empty($this->configID)) {
- \OCP\Config::setAppValue($this->configID, 'ldap_uuid_attribute', $value);
+ \OCP\Config::setAppValue($this->configID, $this->configPrefix.'ldap_uuid_attribute', $value);
}
$changed = true;
}
@@ -126,7 +139,7 @@ class Connection {
}
private function getCacheKey($key) {
- $prefix = 'LDAP-'.$this->configID.'-';
+ $prefix = 'LDAP-'.$this->configID.'-'.$this->configPrefix.'-';
if(is_null($key)) {
return $prefix;
}
@@ -164,7 +177,8 @@ class Connection {
if(!$this->configured) {
$this->readConfiguration();
}
- if(!$this->config['ldapCacheTTL']) {
+ if(!$this->config['ldapCacheTTL']
+ || !$this->config['ldapConfigurationActive']) {
return null;
}
$key = $this->getCacheKey($key);
@@ -176,43 +190,97 @@ class Connection {
$this->cache->clear($this->getCacheKey(null));
}
+ private function getValue($varname) {
+ static $defaults;
+ if(is_null($defaults)){
+ $defaults = $this->getDefaults();
+ }
+ return \OCP\Config::getAppValue($this->configID,
+ $this->configPrefix.$varname,
+ $defaults[$varname]);
+ }
+
+ private function setValue($varname, $value) {
+ \OCP\Config::setAppValue($this->configID,
+ $this->configPrefix.$varname,
+ $value);
+ }
+
/**
* Caches the general LDAP configuration.
*/
private function readConfiguration($force = false) {
- \OCP\Util::writeLog('user_ldap', 'Checking conf state: isConfigured? '.print_r($this->configured, true).' isForce? '.print_r($force, true).' configID? '.print_r($this->configID, true), \OCP\Util::DEBUG);
if((!$this->configured || $force) && !is_null($this->configID)) {
- \OCP\Util::writeLog('user_ldap', 'Reading the configuration', \OCP\Util::DEBUG);
- $this->config['ldapHost'] = \OCP\Config::getAppValue($this->configID, 'ldap_host', '');
- $this->config['ldapPort'] = \OCP\Config::getAppValue($this->configID, 'ldap_port', 389);
- $this->config['ldapAgentName'] = \OCP\Config::getAppValue($this->configID, 'ldap_dn', '');
- $this->config['ldapAgentPassword'] = base64_decode(\OCP\Config::getAppValue($this->configID, 'ldap_agent_password', ''));
- $this->config['ldapBase'] = preg_split('/\r\n|\r|\n/', \OCP\Config::getAppValue($this->configID, 'ldap_base', ''));
- $this->config['ldapBaseUsers'] = preg_split('/\r\n|\r|\n/', \OCP\Config::getAppValue($this->configID, 'ldap_base_users', $this->config['ldapBase']));
- $this->config['ldapBaseGroups'] = preg_split('/\r\n|\r|\n/', \OCP\Config::getAppValue($this->configID, 'ldap_base_groups', $this->config['ldapBase']));
- $this->config['ldapTLS'] = \OCP\Config::getAppValue($this->configID, 'ldap_tls', 0);
- $this->config['ldapNoCase'] = \OCP\Config::getAppValue($this->configID, 'ldap_nocase', 0);
- $this->config['turnOffCertCheck'] = \OCP\Config::getAppValue($this->configID, 'ldap_turn_off_cert_check', 0);
- $this->config['ldapUserDisplayName'] = mb_strtolower(\OCP\Config::getAppValue($this->configID, 'ldap_display_name', 'uid'), 'UTF-8');
- $this->config['ldapUserFilter'] = \OCP\Config::getAppValue($this->configID, 'ldap_userlist_filter', 'objectClass=person');
- $this->config['ldapGroupFilter'] = \OCP\Config::getAppValue($this->configID, 'ldap_group_filter', '(objectClass=posixGroup)');
- $this->config['ldapLoginFilter'] = \OCP\Config::getAppValue($this->configID, 'ldap_login_filter', '(uid=%uid)');
- $this->config['ldapGroupDisplayName'] = mb_strtolower(\OCP\Config::getAppValue($this->configID, 'ldap_group_display_name', 'uid'), 'UTF-8');
- $this->config['ldapQuotaAttribute'] = \OCP\Config::getAppValue($this->configID, 'ldap_quota_attr', '');
- $this->config['ldapQuotaDefault'] = \OCP\Config::getAppValue($this->configID, 'ldap_quota_def', '');
- $this->config['ldapEmailAttribute'] = \OCP\Config::getAppValue($this->configID, 'ldap_email_attr', '');
- $this->config['ldapGroupMemberAssocAttr'] = \OCP\Config::getAppValue($this->configID, 'ldap_group_member_assoc_attribute', 'uniqueMember');
- $this->config['ldapIgnoreNamingRules'] = \OCP\Config::getSystemValue('ldapIgnoreNamingRules', false);
- $this->config['ldapCacheTTL'] = \OCP\Config::getAppValue($this->configID, 'ldap_cache_ttl', 10*60);
- $this->config['ldapUuidAttribute'] = \OCP\Config::getAppValue($this->configID, 'ldap_uuid_attribute', 'auto');
- $this->config['ldapOverrideUuidAttribute'] = \OCP\Config::getAppValue($this->configID, 'ldap_override_uuid_attribute', 0);
- $this->config['homeFolderNamingRule'] = \OCP\Config::getAppValue($this->configID, 'home_folder_naming_rule', 'opt:username');
+ $defaults = $this->getDefaults();
+ $v = 'getValue';
+ $this->config['ldapHost'] = $this->$v('ldap_host');
+ $this->config['ldapBackupHost'] = $this->$v('ldap_backup_host');
+ $this->config['ldapPort'] = $this->$v('ldap_port');
+ $this->config['ldapBackupPort'] = $this->$v('ldap_backup_port');
+ $this->config['ldapOverrideMainServer']
+ = $this->$v('ldap_override_main_server');
+ $this->config['ldapAgentName'] = $this->$v('ldap_dn');
+ $this->config['ldapAgentPassword']
+ = base64_decode($this->$v('ldap_agent_password'));
+ $rawLdapBase = $this->$v('ldap_base');
+ $this->config['ldapBase']
+ = preg_split('/\r\n|\r|\n/', $rawLdapBase);
+ $this->config['ldapBaseUsers']
+ = preg_split('/\r\n|\r|\n/', ($this->$v('ldap_base_users')));
+ $this->config['ldapBaseGroups']
+ = preg_split('/\r\n|\r|\n/', $this->$v('ldap_base_groups'));
+ unset($rawLdapBase);
+ $this->config['ldapTLS'] = $this->$v('ldap_tls');
+ $this->config['ldapNoCase'] = $this->$v('ldap_nocase');
+ $this->config['turnOffCertCheck']
+ = $this->$v('ldap_turn_off_cert_check');
+ $this->config['ldapUserDisplayName']
+ = mb_strtolower($this->$v('ldap_display_name'),'UTF-8');
+ $this->config['ldapUserFilter']
+ = $this->$v('ldap_userlist_filter');
+ $this->config['ldapGroupFilter'] = $this->$v('ldap_group_filter');
+ $this->config['ldapLoginFilter'] = $this->$v('ldap_login_filter');
+ $this->config['ldapGroupDisplayName']
+ = mb_strtolower($this->$v('ldap_group_display_name'), 'UTF-8');
+ $this->config['ldapQuotaAttribute']
+ = $this->$v('ldap_quota_attr');
+ $this->config['ldapQuotaDefault']
+ = $this->$v('ldap_quota_def');
+ $this->config['ldapEmailAttribute']
+ = $this->$v('ldap_email_attr');
+ $this->config['ldapGroupMemberAssocAttr']
+ = $this->$v('ldap_group_member_assoc_attribute');
+ $this->config['ldapIgnoreNamingRules']
+ = \OCP\Config::getSystemValue('ldapIgnoreNamingRules', false);
+ $this->config['ldapCacheTTL'] = $this->$v('ldap_cache_ttl');
+ $this->config['ldapUuidAttribute']
+ = $this->$v('ldap_uuid_attribute');
+ $this->config['ldapOverrideUuidAttribute']
+ = $this->$v('ldap_override_uuid_attribute');
+ $this->config['homeFolderNamingRule']
+ = $this->$v('home_folder_naming_rule');
+ $this->config['ldapConfigurationActive']
+ = $this->$v('ldap_configuration_active');
+ $this->config['ldapAttributesForUserSearch']
+ = preg_split('/\r\n|\r|\n/', $this->$v('ldap_attributes_for_user_search'));
+ $this->config['ldapAttributesForGroupSearch']
+ = preg_split('/\r\n|\r|\n/', $this->$v('ldap_attributes_for_group_search'));
$this->configured = $this->validateConfiguration();
}
}
/**
+ * @return returns an array that maps internal variable names to database fields
+ */
+ private function getConfigTranslationArray() {
+ static $array = array('ldap_host'=>'ldapHost', 'ldap_port'=>'ldapPort', 'ldap_backup_host'=>'ldapBackupHost', 'ldap_backup_port'=>'ldapBackupPort', 'ldap_override_main_server' => 'ldapOverrideMainServer', 'ldap_dn'=>'ldapAgentName', 'ldap_agent_password'=>'ldapAgentPassword', 'ldap_base'=>'ldapBase', 'ldap_base_users'=>'ldapBaseUsers', 'ldap_base_groups'=>'ldapBaseGroups', 'ldap_userlist_filter'=>'ldapUserFilter', 'ldap_login_filter'=>'ldapLoginFilter', 'ldap_group_filter'=>'ldapGroupFilter', 'ldap_display_name'=>'ldapUserDisplayName', 'ldap_group_display_name'=>'ldapGroupDisplayName',
+
+ 'ldap_tls'=>'ldapTLS', 'ldap_nocase'=>'ldapNoCase', 'ldap_quota_def'=>'ldapQuotaDefault', 'ldap_quota_attr'=>'ldapQuotaAttribute', 'ldap_email_attr'=>'ldapEmailAttribute', 'ldap_group_member_assoc_attribute'=>'ldapGroupMemberAssocAttr', 'ldap_cache_ttl'=>'ldapCacheTTL', 'home_folder_naming_rule' => 'homeFolderNamingRule', 'ldap_turn_off_cert_check' => 'turnOffCertCheck', 'ldap_configuration_active' => 'ldapConfigurationActive', 'ldap_attributes_for_user_search' => 'ldapAttributesForUserSearch', 'ldap_attributes_for_group_search' => 'ldapAttributesForGroupSearch');
+ return $array;
+ }
+
+ /**
* @brief set LDAP configuration with values delivered by an array, not read from configuration
* @param $config array that holds the config parameters in an associated array
* @param &$setParameters optional; array where the set fields will be given to
@@ -223,9 +291,7 @@ class Connection {
return false;
}
- $params = array('ldap_host'=>'ldapHost', 'ldap_port'=>'ldapPort', 'ldap_dn'=>'ldapAgentName', 'ldap_agent_password'=>'ldapAgentPassword', 'ldap_base'=>'ldapBase', 'ldap_base_users'=>'ldapBaseUsers', 'ldap_base_groups'=>'ldapBaseGroups', 'ldap_userlist_filter'=>'ldapUserFilter', 'ldap_login_filter'=>'ldapLoginFilter', 'ldap_group_filter'=>'ldapGroupFilter', 'ldap_display_name'=>'ldapUserDisplayName', 'ldap_group_display_name'=>'ldapGroupDisplayName',
-
- 'ldap_tls'=>'ldapTLS', 'ldap_nocase'=>'ldapNoCase', 'ldap_quota_def'=>'ldapQuotaDefault', 'ldap_quota_attr'=>'ldapQuotaAttribute', 'ldap_email_attr'=>'ldapEmailAttribute', 'ldap_group_member_assoc_attribute'=>'ldapGroupMemberAssocAttr', 'ldap_cache_ttl'=>'ldapCacheTTL', 'home_folder_naming_rule' => 'homeFolderNamingRule');
+ $params = $this->getConfigTranslationArray();
foreach($config as $parameter => $value) {
if(isset($this->config[$parameter])) {
@@ -247,6 +313,71 @@ class Connection {
}
/**
+ * @brief saves the current Configuration in the database
+ */
+ public function saveConfiguration() {
+ $trans = array_flip($this->getConfigTranslationArray());
+ foreach($this->config as $key => $value) {
+ \OCP\Util::writeLog('user_ldap', 'LDAP: storing key '.$key.' value '.$value, \OCP\Util::DEBUG);
+ switch ($key) {
+ case 'ldapAgentPassword':
+ $value = base64_encode($value);
+ break;
+ case 'homeFolderNamingRule':
+ $value = empty($value) ? 'opt:username' : 'attr:'.$value;
+ break;
+ case 'ldapBase':
+ case 'ldapBaseUsers':
+ case 'ldapBaseGroups':
+ case 'ldapAttributesForUserSearch':
+ case 'ldapAttributesForGroupSearch':
+ if(is_array($value)){
+ $value = implode("\n", $value);
+ }
+ break;
+ case 'ldapIgnoreNamingRules':
+ case 'ldapOverrideUuidAttribute':
+ case 'ldapUuidAttribute':
+ case 'hasPagedResultSupport':
+ continue 2;
+ }
+ if(is_null($value)) {
+ $value = '';
+ }
+
+ $this->setValue($trans[$key], $value);
+ }
+ $this->clearCache();
+ }
+
+ /**
+ * @brief get the current LDAP configuration
+ * @return array
+ */
+ public function getConfiguration() {
+ $this->readConfiguration();
+ $trans = $this->getConfigTranslationArray();
+ $config = array();
+ foreach($trans as $dbKey => $classKey) {
+ if($classKey == 'homeFolderNamingRule') {
+ if(strpos($this->config[$classKey], 'opt') === 0) {
+ $config[$dbKey] = '';
+ } else {
+ $config[$dbKey] = substr($this->config[$classKey], 5);
+ }
+ continue;
+ } else if((strpos($classKey, 'ldapBase') !== false)
+ || (strpos($classKey, 'ldapAttributes') !== false)) {
+ $config[$dbKey] = implode("\n", $this->config[$classKey]);
+ continue;
+ }
+ $config[$dbKey] = $this->config[$classKey];
+ }
+
+ return $config;
+ }
+
+ /**
* @brief Validates the user specified configuration
* @returns true if configuration seems OK, false otherwise
*/
@@ -264,9 +395,21 @@ class Connection {
\OCP\Util::writeLog('user_ldap', 'No group filter is specified, LDAP group feature will not be used.', \OCP\Util::INFO);
}
if(!in_array($this->config['ldapUuidAttribute'], array('auto', 'entryuuid', 'nsuniqueid', 'objectguid')) && (!is_null($this->configID))) {
- \OCP\Config::setAppValue($this->configID, 'ldap_uuid_attribute', 'auto');
+ \OCP\Config::setAppValue($this->configID, $this->configPrefix.'ldap_uuid_attribute', 'auto');
\OCP\Util::writeLog('user_ldap', 'Illegal value for the UUID Attribute, reset to autodetect.', \OCP\Util::INFO);
}
+ if(empty($this->config['ldapBackupPort'])) {
+ //force default
+ $this->config['ldapBackupPort'] = $this->config['ldapPort'];
+ }
+ foreach(array('ldapAttributesForUserSearch', 'ldapAttributesForGroupSearch') as $key) {
+ if(is_array($this->config[$key])
+ && count($this->config[$key]) == 1
+ && empty($this->config[$key][0])) {
+ $this->config[$key] = array();
+ }
+ }
+
//second step: critical checks. If left empty or filled wrong, set as unconfigured and give a warning.
@@ -311,9 +454,50 @@ class Connection {
}
/**
+ * @returns an associative array with the default values. Keys are correspond
+ * to config-value entries in the database table
+ */
+ public function getDefaults() {
+ return array(
+ 'ldap_host' => '',
+ 'ldap_port' => '389',
+ 'ldap_backup_host' => '',
+ 'ldap_backup_port' => '',
+ 'ldap_override_main_server' => '',
+ 'ldap_dn' => '',
+ 'ldap_agent_password' => '',
+ 'ldap_base' => '',
+ 'ldap_base_users' => '',
+ 'ldap_base_groups' => '',
+ 'ldap_userlist_filter' => 'objectClass=person',
+ 'ldap_login_filter' => 'uid=%uid',
+ 'ldap_group_filter' => 'objectClass=posixGroup',
+ 'ldap_display_name' => 'cn',
+ 'ldap_group_display_name' => 'cn',
+ 'ldap_tls' => 1,
+ 'ldap_nocase' => 0,
+ 'ldap_quota_def' => '',
+ 'ldap_quota_attr' => '',
+ 'ldap_email_attr' => '',
+ 'ldap_group_member_assoc_attribute' => 'uniqueMember',
+ 'ldap_cache_ttl' => 600,
+ 'ldap_uuid_attribute' => 'auto',
+ 'ldap_override_uuid_attribute' => 0,
+ 'home_folder_naming_rule' => 'opt:username',
+ 'ldap_turn_off_cert_check' => 0,
+ 'ldap_configuration_active' => 1,
+ 'ldap_attributes_for_user_search' => '',
+ 'ldap_attributes_for_group_search' => '',
+ );
+ }
+
+ /**
* Connects and Binds to LDAP
*/
private function establishConnection() {
+ if(!$this->config['ldapConfigurationActive']) {
+ return null;
+ }
static $phpLDAPinstalled = true;
if(!$phpLDAPinstalled) {
return false;
@@ -336,16 +520,40 @@ class Connection {
\OCP\Util::writeLog('user_ldap', 'Could not turn off SSL certificate validation.', \OCP\Util::WARN);
}
}
- $this->ldapConnectionRes = ldap_connect($this->config['ldapHost'], $this->config['ldapPort']);
- if(ldap_set_option($this->ldapConnectionRes, LDAP_OPT_PROTOCOL_VERSION, 3)) {
- if(ldap_set_option($this->ldapConnectionRes, LDAP_OPT_REFERRALS, 0)) {
- if($this->config['ldapTLS']) {
- ldap_start_tls($this->ldapConnectionRes);
+ if(!$this->config['ldapOverrideMainServer'] && !$this->getFromCache('overrideMainServer')) {
+ $this->doConnect($this->config['ldapHost'], $this->config['ldapPort']);
+ $bindStatus = $this->bind();
+ $error = ldap_errno($this->ldapConnectionRes);
+ } else {
+ $bindStatus = false;
+ $error = null;
+ }
+
+ $error = null;
+ //if LDAP server is not reachable, try the Backup (Replica!) Server
+ if((!$bindStatus && ($error == -1))
+ || $this->config['ldapOverrideMainServer']
+ || $this->getFromCache('overrideMainServer')) {
+ $this->doConnect($this->config['ldapBackupHost'], $this->config['ldapBackupPort']);
+ $bindStatus = $this->bind();
+ if($bindStatus && $error == -1) {
+ //when bind to backup server succeeded and failed to main server,
+ //skip contacting him until next cache refresh
+ $this->writeToCache('overrideMainServer', true);
}
- }
}
+ return $bindStatus;
+ }
+ }
- return $this->bind();
+ private function doConnect($host, $port) {
+ $this->ldapConnectionRes = ldap_connect($host, $port);
+ if(ldap_set_option($this->ldapConnectionRes, LDAP_OPT_PROTOCOL_VERSION, 3)) {
+ if(ldap_set_option($this->ldapConnectionRes, LDAP_OPT_REFERRALS, 0)) {
+ if($this->config['ldapTLS']) {
+ ldap_start_tls($this->ldapConnectionRes);
+ }
+ }
}
}
@@ -353,6 +561,9 @@ class Connection {
* Binds to LDAP
*/
public function bind() {
+ if(!$this->config['ldapConfigurationActive']) {
+ return false;
+ }
$ldapLogin = @ldap_bind($this->getConnectionResource(), $this->config['ldapAgentName'], $this->config['ldapAgentPassword']);
if(!$ldapLogin) {
\OCP\Util::writeLog('user_ldap', 'Bind failed: ' . ldap_errno($this->ldapConnectionRes) . ': ' . ldap_error($this->ldapConnectionRes), \OCP\Util::ERROR);
diff --git a/apps/user_ldap/lib/helper.php b/apps/user_ldap/lib/helper.php
new file mode 100644
index 00000000000..29ce998dae7
--- /dev/null
+++ b/apps/user_ldap/lib/helper.php
@@ -0,0 +1,105 @@
+<?php
+
+/**
+ * ownCloud – LDAP Helper
+ *
+ * @author Arthur Schiwon
+ * @copyright 2013 Arthur Schiwon blizzz@owncloud.com
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public
+ * License along with this library. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OCA\user_ldap\lib;
+
+class Helper {
+
+ /**
+ * @brief returns prefixes for each saved LDAP/AD server configuration.
+ * @param bool optional, whether only active configuration shall be
+ * retrieved, defaults to false
+ * @return array with a list of the available prefixes
+ *
+ * Configuration prefixes are used to set up configurations for n LDAP or
+ * AD servers. Since configuration is stored in the database, table
+ * appconfig under appid user_ldap, the common identifiers in column
+ * 'configkey' have a prefix. The prefix for the very first server
+ * configuration is empty.
+ * Configkey Examples:
+ * Server 1: ldap_login_filter
+ * Server 2: s1_ldap_login_filter
+ * Server 3: s2_ldap_login_filter
+ *
+ * The prefix needs to be passed to the constructor of Connection class,
+ * except the default (first) server shall be connected to.
+ *
+ */
+ static public function getServerConfigurationPrefixes($activeConfigurations = false) {
+ $referenceConfigkey = 'ldap_configuration_active';
+
+ $query = '
+ SELECT DISTINCT `configkey`
+ FROM `*PREFIX*appconfig`
+ WHERE `configkey` LIKE ?
+ ';
+ if($activeConfigurations) {
+ $query .= ' AND `configvalue` = 1';
+ }
+ $query = \OCP\DB::prepare($query);
+
+ $serverConfigs = $query->execute(array('%'.$referenceConfigkey))->fetchAll();
+ $prefixes = array();
+
+ foreach($serverConfigs as $serverConfig) {
+ $len = strlen($serverConfig['configkey']) - strlen($referenceConfigkey);
+ $prefixes[] = substr($serverConfig['configkey'], 0, $len);
+ }
+
+ return $prefixes;
+ }
+
+ /**
+ * @brief deletes a given saved LDAP/AD server configuration.
+ * @param string the configuration prefix of the config to delete
+ * @return bool true on success, false otherwise
+ */
+ static public function deleteServerConfiguration($prefix) {
+ //just to be on the safe side
+ \OCP\User::checkAdminUser();
+
+ if(!in_array($prefix, self::getServerConfigurationPrefixes())) {
+ return false;
+ }
+
+ $query = \OCP\DB::prepare('
+ DELETE
+ FROM `*PREFIX*appconfig`
+ WHERE `configkey` LIKE ?
+ AND `appid` = "user_ldap"
+ AND `configkey` NOT IN ("enabled", "installed_version", "types", "bgjUpdateGroupsLastRun")
+ ');
+ $res = $query->execute(array($prefix.'%'));
+
+ if(\OCP\DB::isError($res)) {
+ return false;
+ }
+
+ if($res->numRows() == 0) {
+ return false;
+ }
+
+ return true;
+ }
+}
+
diff --git a/apps/user_ldap/lib/proxy.php b/apps/user_ldap/lib/proxy.php
new file mode 100644
index 00000000000..c80e2163475
--- /dev/null
+++ b/apps/user_ldap/lib/proxy.php
@@ -0,0 +1,104 @@
+<?php
+
+/**
+ * ownCloud – LDAP Backend Proxy
+ *
+ * @author Arthur Schiwon
+ * @copyright 2013 Arthur Schiwon blizzz@owncloud.com
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public
+ * License along with this library. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OCA\user_ldap\lib;
+
+abstract class Proxy {
+ static private $connectors = array();
+
+ public function __construct() {
+ $this->cache = \OC_Cache::getGlobalCache();
+ }
+
+ private function addConnector($configPrefix) {
+ self::$connectors[$configPrefix] = new \OCA\user_ldap\lib\Connection($configPrefix);
+ }
+
+ protected function getConnector($configPrefix) {
+ if(!isset(self::$connectors[$configPrefix])) {
+ $this->addConnector($configPrefix);
+ }
+ return self::$connectors[$configPrefix];
+ }
+
+ protected function getConnectors() {
+ return self::$connectors;
+ }
+
+ protected function getUserCacheKey($uid) {
+ return 'user-'.$uid.'-lastSeenOn';
+ }
+
+ protected function getGroupCacheKey($gid) {
+ return 'group-'.$gid.'-lastSeenOn';
+ }
+
+ abstract protected function callOnLastSeenOn($id, $method, $parameters);
+ abstract protected function walkBackends($id, $method, $parameters);
+
+ /**
+ * @brief Takes care of the request to the User backend
+ * @param $uid string, the uid connected to the request
+ * @param $method string, the method of the user backend that shall be called
+ * @param $parameters an array of parameters to be passed
+ * @return mixed, the result of the specified method
+ */
+ protected function handleRequest($id, $method, $parameters) {
+ if(!$result = $this->callOnLastSeenOn($id, $method, $parameters)) {
+ $result = $this->walkBackends($id, $method, $parameters);
+ }
+ return $result;
+ }
+
+ private function getCacheKey($key) {
+ $prefix = 'LDAP-Proxy-';
+ if(is_null($key)) {
+ return $prefix;
+ }
+ return $prefix.md5($key);
+ }
+
+ public function getFromCache($key) {
+ if(!$this->isCached($key)) {
+ return null;
+ }
+ $key = $this->getCacheKey($key);
+
+ return unserialize(base64_decode($this->cache->get($key)));
+ }
+
+ public function isCached($key) {
+ $key = $this->getCacheKey($key);
+ return $this->cache->hasKey($key);
+ }
+
+ public function writeToCache($key, $value) {
+ $key = $this->getCacheKey($key);
+ $value = base64_encode(serialize($value));
+ $this->cache->set($key, $value, '2592000');
+ }
+
+ public function clearCache() {
+ $this->cache->clear($this->getCacheKey(null));
+ }
+} \ No newline at end of file
diff --git a/apps/user_ldap/settings.php b/apps/user_ldap/settings.php
index 58ec8e7f7a4..d5d2f648b38 100644
--- a/apps/user_ldap/settings.php
+++ b/apps/user_ldap/settings.php
@@ -23,58 +23,46 @@
OC_Util::checkAdminUser();
-$params = array('ldap_host', 'ldap_port', 'ldap_dn', 'ldap_agent_password', 'ldap_base', 'ldap_base_users', 'ldap_base_groups', 'ldap_userlist_filter', 'ldap_login_filter', 'ldap_group_filter', 'ldap_display_name', 'ldap_group_display_name', 'ldap_tls', 'ldap_turn_off_cert_check', 'ldap_nocase', 'ldap_quota_def', 'ldap_quota_attr', 'ldap_email_attr', 'ldap_group_member_assoc_attribute', 'ldap_cache_ttl', 'home_folder_naming_rule');
+$params = array('ldap_host', 'ldap_port', 'ldap_backup_host',
+ 'ldap_backup_port', 'ldap_override_main_server', 'ldap_dn',
+ 'ldap_agent_password', 'ldap_base', 'ldap_base_users',
+ 'ldap_base_groups', 'ldap_userlist_filter',
+ 'ldap_login_filter', 'ldap_group_filter', 'ldap_display_name',
+ 'ldap_group_display_name', 'ldap_tls',
+ 'ldap_turn_off_cert_check', 'ldap_nocase', 'ldap_quota_def',
+ 'ldap_quota_attr', 'ldap_email_attr',
+ 'ldap_group_member_assoc_attribute', 'ldap_cache_ttl',
+ 'home_folder_naming_rule'
+ );
OCP\Util::addscript('user_ldap', 'settings');
OCP\Util::addstyle('user_ldap', 'settings');
-if ($_POST) {
- $clearCache = false;
- foreach($params as $param) {
- if(isset($_POST[$param])) {
- $clearCache = true;
- if('ldap_agent_password' == $param) {
- OCP\Config::setAppValue('user_ldap', $param, base64_encode($_POST[$param]));
- } elseif('home_folder_naming_rule' == $param) {
- $value = empty($_POST[$param]) ? 'opt:username' : 'attr:'.$_POST[$param];
- OCP\Config::setAppValue('user_ldap', $param, $value);
- } else {
- OCP\Config::setAppValue('user_ldap', $param, $_POST[$param]);
- }
- }
- elseif('ldap_tls' == $param) {
- // unchecked checkboxes are not included in the post paramters
- OCP\Config::setAppValue('user_ldap', $param, 0);
- }
- elseif('ldap_nocase' == $param) {
- OCP\Config::setAppValue('user_ldap', $param, 0);
- }
- elseif('ldap_turn_off_cert_check' == $param) {
- OCP\Config::setAppValue('user_ldap', $param, 0);
- }
- }
- if($clearCache) {
- $ldap = new \OCA\user_ldap\lib\Connection('user_ldap');
- $ldap->clearCache();
- }
+// fill template
+$tmpl = new OCP\Template('user_ldap', 'settings');
+
+$prefixes = \OCA\user_ldap\lib\Helper::getServerConfigurationPrefixes();
+$scoHtml = '';
+$i = 1;
+$sel = ' selected';
+foreach($prefixes as $prefix) {
+ $scoHtml .= '<option value="'.$prefix.'"'.$sel.'>'.$i++.'. Server</option>';
+ $sel = '';
+}
+if(count($prefixes) == 0) {
+ $scoHtml .= '<option value="" selected>1. Server</option>';
}
+$tmpl->assign('serverConfigurationOptions', $scoHtml, false);
-// fill template
-$tmpl = new OCP\Template( 'user_ldap', 'settings');
-foreach($params as $param) {
- $value = OCP\Config::getAppValue('user_ldap', $param, '');
- $tmpl->assign($param, $value);
+// assign default values
+if(!isset($ldap)) {
+ $ldap = new \OCA\user_ldap\lib\Connection();
+}
+$defaults = $ldap->getDefaults();
+foreach($defaults as $key => $default) {
+ $tmpl->assign($key.'_default', $default);
}
-// settings with default values
-$tmpl->assign( 'ldap_port', OCP\Config::getAppValue('user_ldap', 'ldap_port', '389'));
-$tmpl->assign( 'ldap_display_name', OCP\Config::getAppValue('user_ldap', 'ldap_display_name', 'uid'));
-$tmpl->assign( 'ldap_group_display_name', OCP\Config::getAppValue('user_ldap', 'ldap_group_display_name', 'cn'));
-$tmpl->assign( 'ldap_group_member_assoc_attribute', OCP\Config::getAppValue('user_ldap', 'ldap_group_member_assoc_attribute', 'uniqueMember'));
-$tmpl->assign( 'ldap_agent_password', base64_decode(OCP\Config::getAppValue('user_ldap', 'ldap_agent_password')));
-$tmpl->assign( 'ldap_cache_ttl', OCP\Config::getAppValue('user_ldap', 'ldap_cache_ttl', '600'));
-$hfnr = OCP\Config::getAppValue('user_ldap', 'home_folder_naming_rule', 'opt:username');
-$hfnr = ($hfnr == 'opt:username') ? '' : substr($hfnr, strlen('attr:'));
-$tmpl->assign( 'home_folder_naming_rule', $hfnr, '');
+// $tmpl->assign();
return $tmpl->fetchPage();
diff --git a/apps/user_ldap/templates/settings.php b/apps/user_ldap/templates/settings.php
index b24c6e2f025..e6fa91cc85f 100644
--- a/apps/user_ldap/templates/settings.php
+++ b/apps/user_ldap/templates/settings.php
@@ -12,31 +12,43 @@
}
?>
<fieldset id="ldapSettings-1">
- <p><label for="ldap_host"><?php echo $l->t('Host');?></label><input type="text" id="ldap_host" name="ldap_host" value="<?php echo $_['ldap_host']; ?>" title="<?php echo $l->t('You can omit the protocol, except you require SSL. Then start with ldaps://');?>"></p>
- <p><label for="ldap_base"><?php echo $l->t('Base DN');?></label><textarea id="ldap_base" name="ldap_base" placeholder="<?php echo $l->t('One Base DN per line');?>" title="<?php echo $l->t('You can specify Base DN for users and groups in the Advanced tab');?>"><?php echo $_['ldap_base']; ?></textarea></p>
- <p><label for="ldap_dn"><?php echo $l->t('User DN');?></label><input type="text" id="ldap_dn" name="ldap_dn" value="<?php echo $_['ldap_dn']; ?>" title="<?php echo $l->t('The DN of the client user with which the bind shall be done, e.g. uid=agent,dc=example,dc=com. For anonymous access, leave DN and Password empty.');?>" /></p>
- <p><label for="ldap_agent_password"><?php echo $l->t('Password');?></label><input type="password" id="ldap_agent_password" name="ldap_agent_password" value="<?php echo $_['ldap_agent_password']; ?>" title="<?php echo $l->t('For anonymous access, leave DN and Password empty.');?>" /></p>
- <p><label for="ldap_login_filter"><?php echo $l->t('User Login Filter');?></label><input type="text" id="ldap_login_filter" name="ldap_login_filter" value="<?php echo $_['ldap_login_filter']; ?>" title="<?php echo $l->t('Defines the filter to apply, when login is attempted. %%uid replaces the username in the login action.');?>" /><br /><small><?php echo $l->t('use %%uid placeholder, e.g. "uid=%%uid"');?></small></p>
- <p><label for="ldap_userlist_filter"><?php echo $l->t('User List Filter');?></label><input type="text" id="ldap_userlist_filter" name="ldap_userlist_filter" value="<?php echo $_['ldap_userlist_filter']; ?>" title="<?php echo $l->t('Defines the filter to apply, when retrieving users.');?>" /><br /><small><?php echo $l->t('without any placeholder, e.g. "objectClass=person".');?></small></p>
- <p><label for="ldap_group_filter"><?php echo $l->t('Group Filter');?></label><input type="text" id="ldap_group_filter" name="ldap_group_filter" value="<?php echo $_['ldap_group_filter']; ?>" title="<?php echo $l->t('Defines the filter to apply, when retrieving groups.');?>" /><br /><small><?php echo $l->t('without any placeholder, e.g. "objectClass=posixGroup".');?></small></p>
+ <p><label for="ldap_serverconfig_chooser"><?php echo $l->t('Server configuration');?></label><select id="ldap_serverconfig_chooser" name="ldap_serverconfig_chooser">
+ <?php echo $_['serverConfigurationOptions']; ?>
+ <option value="NEW"><?php echo $l->t('Add Server Configuration');?></option>
+ </select>
+ <button id="ldap_action_delete_configuration" name="ldap_action_delete_configuration">Delete Configuration</button>
+ </p>
+ <p><label for="ldap_host"><?php echo $l->t('Host');?></label><input type="text" id="ldap_host" name="ldap_host" data-default="<?php echo $_['ldap_host_default']; ?>" title="<?php echo $l->t('You can omit the protocol, except you require SSL. Then start with ldaps://');?>"></p>
+ <p><label for="ldap_base"><?php echo $l->t('Base DN');?></label><textarea id="ldap_base" name="ldap_base" placeholder="<?php echo $l->t('One Base DN per line');?>" title="<?php echo $l->t('You can specify Base DN for users and groups in the Advanced tab');?>" data-default="<?php echo $_['ldap_base_default']; ?>" ></textarea></p>
+ <p><label for="ldap_dn"><?php echo $l->t('User DN');?></label><input type="text" id="ldap_dn" name="ldap_dn" data-default="<?php echo $_['ldap_dn_default']; ?>" title="<?php echo $l->t('The DN of the client user with which the bind shall be done, e.g. uid=agent,dc=example,dc=com. For anonymous access, leave DN and Password empty.');?>" /></p>
+ <p><label for="ldap_agent_password"><?php echo $l->t('Password');?></label><input type="password" id="ldap_agent_password" name="ldap_agent_password" data-default="<?php echo $_['ldap_agent_password_default']; ?>" title="<?php echo $l->t('For anonymous access, leave DN and Password empty.');?>" /></p>
+ <p><label for="ldap_login_filter"><?php echo $l->t('User Login Filter');?></label><input type="text" id="ldap_login_filter" name="ldap_login_filter" data-default="<?php echo $_['ldap_login_filter_default']; ?>" title="<?php echo $l->t('Defines the filter to apply, when login is attempted. %%uid replaces the username in the login action.');?>" /><br /><small><?php echo $l->t('use %%uid placeholder, e.g. "uid=%%uid"');?></small></p>
+ <p><label for="ldap_userlist_filter"><?php echo $l->t('User List Filter');?></label><input type="text" id="ldap_userlist_filter" name="ldap_userlist_filter" data-default="<?php echo $_['ldap_userlist_filter_default']; ?>" title="<?php echo $l->t('Defines the filter to apply, when retrieving users.');?>" /><br /><small><?php echo $l->t('without any placeholder, e.g. "objectClass=person".');?></small></p>
+ <p><label for="ldap_group_filter"><?php echo $l->t('Group Filter');?></label><input type="text" id="ldap_group_filter" name="ldap_group_filter" data-default="<?php echo $_['ldap_group_filter_default']; ?>" title="<?php echo $l->t('Defines the filter to apply, when retrieving groups.');?>" /><br /><small><?php echo $l->t('without any placeholder, e.g. "objectClass=posixGroup".');?></small></p>
</fieldset>
<fieldset id="ldapSettings-2">
- <p><label for="ldap_port"><?php echo $l->t('Port');?></label><input type="text" id="ldap_port" name="ldap_port" value="<?php echo $_['ldap_port']; ?>" /></p>
- <p><label for="ldap_base_users"><?php echo $l->t('Base User Tree');?></label><textarea id="ldap_base_users" name="ldap_base_users" placeholder="<?php echo $l->t('One User Base DN per line');?>" title="<?php echo $l->t('Base User Tree');?>"><?php echo $_['ldap_base_users']; ?></textarea></p>
- <p><label for="ldap_base_groups"><?php echo $l->t('Base Group Tree');?></label><textarea id="ldap_base_groups" name="ldap_base_groups" placeholder="<?php echo $l->t('One Group Base DN per line');?>" title="<?php echo $l->t('Base Group Tree');?>"><?php echo $_['ldap_base_groups']; ?></textarea></p>
- <p><label for="ldap_group_member_assoc_attribute"><?php echo $l->t('Group-Member association');?></label><select id="ldap_group_member_assoc_attribute" name="ldap_group_member_assoc_attribute"><option value="uniqueMember"<?php if (isset($_['ldap_group_member_assoc_attribute']) && ($_['ldap_group_member_assoc_attribute'] == 'uniqueMember')) echo ' selected'; ?>>uniqueMember</option><option value="memberUid"<?php if (isset($_['ldap_group_member_assoc_attribute']) && ($_['ldap_group_member_assoc_attribute'] == 'memberUid')) echo ' selected'; ?>>memberUid</option><option value="member"<?php if (isset($_['ldap_group_member_assoc_attribute']) && ($_['ldap_group_member_assoc_attribute'] == 'member')) echo ' selected'; ?>>member (AD)</option></select></p>
- <p><label for="ldap_tls"><?php echo $l->t('Use TLS');?></label><input type="checkbox" id="ldap_tls" name="ldap_tls" value="1"<?php if ($_['ldap_tls']) echo ' checked'; ?> title="<?php echo $l->t('Do not use it for SSL connections, it will fail.');?>" /></p>
- <p><label for="ldap_nocase"><?php echo $l->t('Case insensitve LDAP server (Windows)');?></label> <input type="checkbox" id="ldap_nocase" name="ldap_nocase" value="1"<?php if (isset($_['ldap_nocase']) && ($_['ldap_nocase'])) echo ' checked'; ?>></p>
- <p><label for="ldap_turn_off_cert_check"><?php echo $l->t('Turn off SSL certificate validation.');?></label><input type="checkbox" id="ldap_turn_off_cert_check" name="ldap_turn_off_cert_check" title="<?php echo $l->t('If connection only works with this option, import the LDAP server\'s SSL certificate in your ownCloud server.');?>" value="1"<?php if ($_['ldap_turn_off_cert_check']) echo ' checked'; ?>><br/><small><?php echo $l->t('Not recommended, use for testing only.');?></small></p>
- <p><label for="ldap_display_name"><?php echo $l->t('User Display Name Field');?></label><input type="text" id="ldap_display_name" name="ldap_display_name" value="<?php echo $_['ldap_display_name']; ?>" title="<?php echo $l->t('The LDAP attribute to use to generate the user`s ownCloud name.');?>" /></p>
- <p><label for="ldap_group_display_name"><?php echo $l->t('Group Display Name Field');?></label><input type="text" id="ldap_group_display_name" name="ldap_group_display_name" value="<?php echo $_['ldap_group_display_name']; ?>" title="<?php echo $l->t('The LDAP attribute to use to generate the groups`s ownCloud name.');?>" /></p>
- <p><label for="ldap_quota_attr">Quota Field</label><input type="text" id="ldap_quota_attr" name="ldap_quota_attr" value="<?php echo $_['ldap_quota_attr']; ?>" /></p>
- <p><label for="ldap_quota_def">Quota Default</label><input type="text" id="ldap_quota_def" name="ldap_quota_def" value="<?php if (isset($_['ldap_quota_def'])) echo $_['ldap_quota_def']; ?>" title="<?php echo $l->t('in bytes');?>" /></p>
- <p><label for="ldap_email_attr">Email Field</label><input type="text" id="ldap_email_attr" name="ldap_email_attr" value="<?php echo $_['ldap_email_attr']; ?>" /></p>
- <p><label for="ldap_cache_ttl">Cache Time-To-Live</label><input type="text" id="ldap_cache_ttl" name="ldap_cache_ttl" value="<?php echo $_['ldap_cache_ttl']; ?>" title="<?php echo $l->t('in seconds. A change empties the cache.');?>" /></p>
- <p><label for="home_folder_naming_rule">User Home Folder Naming Rule</label><input type="text" id="home_folder_naming_rule" name="home_folder_naming_rule" value="<?php echo $_['home_folder_naming_rule']; ?>" title="<?php echo $l->t('Leave empty for user name (default). Otherwise, specify an LDAP/AD attribute.');?>" /></p>
+ <p><label for="ldap_configuration_active"><?php echo $l->t('Configuration Active');?></label><input type="checkbox" id="ldap_configuration_active" name="ldap_configuration_active" value="1" data-default="<?php echo $_['ldap_configuration_active_default']; ?>" title="<?php echo $l->t('When unchecked, this configuration will be skipped.');?>" /></p>
+ <p><label for="ldap_port"><?php echo $l->t('Port');?></label><input type="number" id="ldap_port" name="ldap_port" data-default="<?php echo $_['ldap_port_default']; ?>" /></p>
+ <p><label for="ldap_backup_host"><?php echo $l->t('Backup (Replica) Host');?></label><input type="text" id="ldap_backup_host" name="ldap_backup_host" data-default="<?php echo $_['ldap_backup_host_default']; ?>" title="<?php echo $l->t('Give an optional backup host. It must be a replica of the main LDAP/AD server.');?>"></p>
+ <p><label for="ldap_backup_port"><?php echo $l->t('Backup (Replica) Port');?></label><input type="number" id="ldap_backup_port" name="ldap_backup_port" data-default="<?php echo $_['ldap_backup_port_default']; ?>" /></p>
+ <p><label for="ldap_override_main_server"><?php echo $l->t('Disable Main Server');?></label><input type="checkbox" id="ldap_override_main_server" name="ldap_override_main_server" value="1" data-default="<?php echo $_['ldap_override_main_server_default']; ?>" title="<?php echo $l->t('When switched on, ownCloud will only connect to the replica server.');?>" /></p>
+ <p><label for="ldap_base_users"><?php echo $l->t('Base User Tree');?></label><textarea id="ldap_base_users" name="ldap_base_users" placeholder="<?php echo $l->t('One User Base DN per line');?>" data-default="<?php echo $_['ldap_base_users_default']; ?>" title="<?php echo $l->t('Base User Tree');?>"></textarea></p>
+ <p><label for="ldap_attributes_for_user_search"><?php echo $l->t('User Search Attributes');?></label><textarea id="ldap_attributes_for_user_search" name="ldap_attributes_for_user_search" placeholder="<?php echo $l->t('Optional; one attribute per line');?>" data-default="<?php echo $_['ldap_attributes_for_user_search_default']; ?>" title="<?php echo $l->t('User Search Attributes');?>"></textarea></p>
+ <p><label for="ldap_base_groups"><?php echo $l->t('Base Group Tree');?></label><textarea id="ldap_base_groups" name="ldap_base_groups" placeholder="<?php echo $l->t('One Group Base DN per line');?>" data-default="<?php echo $_['ldap_base_groups_default']; ?>" title="<?php echo $l->t('Base Group Tree');?>"></textarea></p>
+ <p><label for="ldap_attributes_for_group_search"><?php echo $l->t('Group Search Attributes');?></label><textarea id="ldap_attributes_for_group_search" name="ldap_attributes_for_group_search" placeholder="<?php echo $l->t('Optional; one attribute per line');?>" data-default="<?php echo $_['ldap_attributes_for_group_search_default']; ?>" title="<?php echo $l->t('Group Search Attributes');?>"></textarea></p>
+ <p><label for="ldap_group_member_assoc_attribute"><?php echo $l->t('Group-Member association');?></label><select id="ldap_group_member_assoc_attribute" name="ldap_group_member_assoc_attribute" data-default="<?php echo $_['ldap_group_member_assoc_attribute_default']; ?>" ><option value="uniqueMember"<?php if (isset($_['ldap_group_member_assoc_attribute']) && ($_['ldap_group_member_assoc_attribute'] == 'uniqueMember')) echo ' selected'; ?>>uniqueMember</option><option value="memberUid"<?php if (isset($_['ldap_group_member_assoc_attribute']) && ($_['ldap_group_member_assoc_attribute'] == 'memberUid')) echo ' selected'; ?>>memberUid</option><option value="member"<?php if (isset($_['ldap_group_member_assoc_attribute']) && ($_['ldap_group_member_assoc_attribute'] == 'member')) echo ' selected'; ?>>member (AD)</option></select></p>
+ <p><label for="ldap_tls"><?php echo $l->t('Use TLS');?></label><input type="checkbox" id="ldap_tls" name="ldap_tls" value="1" data-default="<?php echo $_['ldap_tls_default']; ?>" title="<?php echo $l->t('Do not use it for SSL connections, it will fail.');?>" /></p>
+ <p><label for="ldap_nocase"><?php echo $l->t('Case insensitve LDAP server (Windows)');?></label> <input type="checkbox" id="ldap_nocase" name="ldap_nocase" data-default="<?php echo $_['ldap_nocase_default']; ?>" value="1"<?php if (isset($_['ldap_nocase']) && ($_['ldap_nocase'])) echo ' checked'; ?>></p>
+ <p><label for="ldap_turn_off_cert_check"><?php echo $l->t('Turn off SSL certificate validation.');?></label><input type="checkbox" id="ldap_turn_off_cert_check" name="ldap_turn_off_cert_check" title="<?php echo $l->t('If connection only works with this option, import the LDAP server\'s SSL certificate in your ownCloud server.');?>" data-default="<?php echo $_['ldap_turn_off_cert_check_default']; ?>" value="1"><br/><small><?php echo $l->t('Not recommended, use for testing only.');?></small></p>
+ <p><label for="ldap_display_name"><?php echo $l->t('User Display Name Field');?></label><input type="text" id="ldap_display_name" name="ldap_display_name" data-default="<?php echo $_['ldap_display_name_default']; ?>" title="<?php echo $l->t('The LDAP attribute to use to generate the user`s ownCloud name.');?>" /></p>
+ <p><label for="ldap_group_display_name"><?php echo $l->t('Group Display Name Field');?></label><input type="text" id="ldap_group_display_name" name="ldap_group_display_name" data-default="<?php echo $_['ldap_group_display_name_default']; ?>" title="<?php echo $l->t('The LDAP attribute to use to generate the groups`s ownCloud name.');?>" /></p>
+ <p><label for="ldap_quota_attr">Quota Field</label><input type="text" id="ldap_quota_attr" name="ldap_quota_attr" data-default="<?php echo $_['ldap_quota_attr_default']; ?>"/></p>
+ <p><label for="ldap_quota_def">Quota Default</label><input type="text" id="ldap_quota_def" name="ldap_quota_def" data-default="<?php echo $_['ldap_quota_def_default']; ?>" title="<?php echo $l->t('in bytes');?>" /></p>
+ <p><label for="ldap_email_attr">Email Field</label><input type="text" id="ldap_email_attr" name="ldap_email_attr" data-default="<?php echo $_['ldap_email_attr_default']; ?>" /></p>
+ <p><label for="ldap_cache_ttl">Cache Time-To-Live</label><input type="number" id="ldap_cache_ttl" name="ldap_cache_ttl" title="<?php echo $l->t('in seconds. A change empties the cache.');?>" data-default="<?php echo $_['ldap_cache_ttl_default']; ?>" /></p>
+ <p><label for="home_folder_naming_rule">User Home Folder Naming Rule</label><input type="text" id="home_folder_naming_rule" name="home_folder_naming_rule" title="<?php echo $l->t('Leave empty for user name (default). Otherwise, specify an LDAP/AD attribute.');?>" data-default="<?php echo $_['home_folder_naming_rule_default']; ?>" /></p>
</fieldset>
- <input type="submit" value="Save" /> <button id="ldap_action_test_connection" name="ldap_action_test_connection">Test Configuration</button> <a href="http://owncloud.org/support/ldap-backend/" target="_blank"><img src="<?php echo OCP\Util::imagePath('', 'actions/info.png'); ?>" style="height:1.75ex" /> <?php echo $l->t('Help');?></a>
+ <input id="ldap_submit" type="submit" value="Save" /> <button id="ldap_action_test_connection" name="ldap_action_test_connection">Test Configuration</button> <a href="http://doc.owncloud.org/server/5.0/admin_manual/auth_ldap.html" target="_blank"><img src="<?php echo OCP\Util::imagePath('', 'actions/info.png'); ?>" style="height:1.75ex" /> <?php echo $l->t('Help');?></a>
</div>
</form>
diff --git a/apps/user_ldap/user_ldap.php b/apps/user_ldap/user_ldap.php
index b3180e11358..6aa8cd9b83c 100644
--- a/apps/user_ldap/user_ldap.php
+++ b/apps/user_ldap/user_ldap.php
@@ -116,10 +116,9 @@ class USER_LDAP extends lib\Access implements \OCP\UserInterface {
if($limit <= 0) {
$limit = null;
}
- $search = empty($search) ? '*' : '*'.$search.'*';
$filter = $this->combineFilterWithAnd(array(
$this->connection->ldapUserFilter,
- $this->connection->ldapUserDisplayName.'='.$search
+ $this->getFilterPartForUserSearch($search)
));
\OCP\Util::writeLog('user_ldap', 'getUsers: Options: search '.$search.' limit '.$limit.' offset '.$offset.' Filter: '.$filter, \OCP\Util::DEBUG);
diff --git a/apps/user_ldap/user_proxy.php b/apps/user_ldap/user_proxy.php
new file mode 100644
index 00000000000..47f901ddb51
--- /dev/null
+++ b/apps/user_ldap/user_proxy.php
@@ -0,0 +1,159 @@
+<?php
+
+/**
+ * ownCloud
+ *
+ * @author Artuhr Schiwon
+ * @copyright 2013 Arthur Schiwon blizzz@owncloud.com
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public
+ * License along with this library. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OCA\user_ldap;
+
+class User_Proxy extends lib\Proxy implements \OCP\UserInterface {
+ private $backends = array();
+ private $refBackend = null;
+
+ /**
+ * @brief Constructor
+ * @param $serverConfigPrefixes array containing the config Prefixes
+ */
+ public function __construct($serverConfigPrefixes) {
+ parent::__construct();
+ foreach($serverConfigPrefixes as $configPrefix) {
+ $this->backends[$configPrefix] = new \OCA\user_ldap\USER_LDAP();
+ $connector = $this->getConnector($configPrefix);
+ $this->backends[$configPrefix]->setConnector($connector);
+ if(is_null($this->refBackend)) {
+ $this->refBackend = &$this->backends[$configPrefix];
+ }
+ }
+ }
+
+ /**
+ * @brief Tries the backends one after the other until a positive result is returned from the specified method
+ * @param $uid string, the uid connected to the request
+ * @param $method string, the method of the user backend that shall be called
+ * @param $parameters an array of parameters to be passed
+ * @return mixed, the result of the method or false
+ */
+ protected function walkBackends($uid, $method, $parameters) {
+ $cacheKey = $this->getUserCacheKey($uid);
+ foreach($this->backends as $configPrefix => $backend) {
+ if($result = call_user_func_array(array($backend, $method), $parameters)) {
+ $this->writeToCache($cacheKey, $configPrefix);
+ return $result;
+ }
+ }
+ return false;
+ }
+
+ /**
+ * @brief Asks the backend connected to the server that supposely takes care of the uid from the request.
+ * @param $uid string, the uid connected to the request
+ * @param $method string, the method of the user backend that shall be called
+ * @param $parameters an array of parameters to be passed
+ * @return mixed, the result of the method or false
+ */
+ protected function callOnLastSeenOn($uid, $method, $parameters) {
+ $cacheKey = $this->getUserCacheKey($uid);
+ $prefix = $this->getFromCache($cacheKey);
+ //in case the uid has been found in the past, try this stored connection first
+ if(!is_null($prefix)) {
+ if(isset($this->backends[$prefix])) {
+ $result = call_user_func_array(array($this->backends[$prefix], $method), $parameters);
+ if(!$result) {
+ //not found here, reset cache to null
+ $this->writeToCache($cacheKey, null);
+ }
+ return $result;
+ }
+ }
+ return false;
+ }
+
+ /**
+ * @brief Check if backend implements actions
+ * @param $actions bitwise-or'ed actions
+ * @returns boolean
+ *
+ * Returns the supported actions as int to be
+ * compared with OC_USER_BACKEND_CREATE_USER etc.
+ */
+ public function implementsActions($actions) {
+ //it's the same across all our user backends obviously
+ return $this->refBackend->implementsActions($actions);
+ }
+
+ /**
+ * @brief Get a list of all users
+ * @returns array with all uids
+ *
+ * Get a list of all users.
+ */
+ public function getUsers($search = '', $limit = 10, $offset = 0) {
+ //we do it just as the /OC_User implementation: do not play around with limit and offset but ask all backends
+ $users = array();
+ foreach($this->backends as $backend) {
+ $backendUsers = $backend->getUsers($search, $limit, $offset);
+ if (is_array($backendUsers)) {
+ $users = array_merge($users, $backendUsers);
+ }
+ }
+ return $users;
+ }
+
+ /**
+ * @brief check if a user exists
+ * @param string $uid the username
+ * @return boolean
+ */
+ public function userExists($uid) {
+ return $this->handleRequest($uid, 'userExists', array($uid));
+ }
+
+ /**
+ * @brief Check if the password is correct
+ * @param $uid The username
+ * @param $password The password
+ * @returns true/false
+ *
+ * Check if the password is correct without logging in the user
+ */
+ public function checkPassword($uid, $password) {
+ return $this->handleRequest($uid, 'checkPassword', array($uid, $password));
+ }
+
+ /**
+ * @brief get the user's home directory
+ * @param string $uid the username
+ * @return boolean
+ */
+ public function getHome($uid) {
+ return $this->handleRequest($uid, 'getHome', array($uid));
+ }
+
+ /**
+ * @brief delete a user
+ * @param $uid The username of the user to delete
+ * @returns true/false
+ *
+ * Deletes a user
+ */
+ public function deleteUser($uid) {
+ return false;
+ }
+} \ No newline at end of file
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-09 16:01:58 +0000